RFR: 8264864: Multiple byte tag not supported by ASN.1 encoding [v3]
Xue-Lei Andrew Fan
xuelei at openjdk.java.net
Thu Apr 8 15:56:11 UTC 2021
On Thu, 8 Apr 2021 13:57:37 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> This code change does not intend to support multiple byte tags. Instead, it aims to fail more gracefully when such a tag is encountered. For `DerValue` constructors from an encoding (type I), an `IOException` will be thrown since it's already in the throws clause. For constructors from tag and value (type II), an `IllegalArgumentException` will be thrown. All existing type II callers inside JDK use tag numbers smaller than 31.
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>
> update exception wordings
Looks good to me, except a minor comment.
src/java.base/share/classes/sun/security/util/DerValue.java line 225:
> 223: DerValue(byte tag, byte[] buffer, int start, int end, boolean allowBER) {
> 224: if ((tag & 0x1f) == 0x1f) {
> 225: throw new IllegalArgumentException("Tag number 31 is not supported");
As number 31 just means the tag is bigger than 31, Is it more accuracy by using "Tag number over 30 is not supported"?
-------------
Marked as reviewed by xuelei (Reviewer).
PR: https://git.openjdk.java.net/jdk/pull/3391
More information about the security-dev
mailing list